You need to use \ to escape every " in that part (except for the very first and very last). Each time the script encounters a " it switches out of string mode and into PHP mode, which you don't want. Do you have error reporting turned off?

Dan

bucket

08-25-2009, 09:06 PM

I don't know if I have error turned off. Can you post a working version of it?

And also where would I add \ to?

whizard

08-25-2009, 09:09 PM

1. Add this line: error_reporting(E_ALL); to the top of the code (inside the <?php of course).

2. The backslash is an 'escape' character. What this means is that you place it in front of a character which has a special meaning, but which you want the code to ignore, such as " or $.

So, to escape the code, place a backslash ( \ ) in front of every " you have in that block of code.

It looks good, I would just say make sure you are checking the POST values, so that someone couldn't mess with your script.

Dan

bucket

08-25-2009, 09:56 PM

You mean so someone can't click register2.php like 6 times and create blank or multiple accounts?

whizard

08-25-2009, 10:01 PM

Well, make sure

a) the POST values have been set (are not empty)
b) the POST values have the right kind of data in them. Are you expecting an int? Use is_int(). Are you expecting a string? Use is_string().
c) the POST values have been escaped to avoid SQL injection. See mysql_real_escape_string() (http://us.php.net/manual/en/function.mysql-real-escape-string.php)
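
An added example (not part of the original thread) of checks a) to c) from the last post, written for current PHP: it uses PDO bound parameters in place of mysql_real_escape_string(), which was removed in PHP 7, and filter_var() for the integer check because POST values arrive as strings. The field names, age bounds, table and in-memory SQLite database are assumptions made for the example.

```php
<?php
// Added example: field names (username, age), bounds and table are hypothetical.

// a) present and non-empty, b) right kind of data. Returns [clean, errors].
function validate_registration(array $post): array {
    $errors = [];
    $username = isset($post['username']) && is_string($post['username'])
        ? trim($post['username']) : '';
    if ($username === '') {
        $errors[] = 'username is required';
    }
    // POST values arrive as strings, so validate the text as an integer in range.
    $age = filter_var($post['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) {
        $errors[] = 'age must be a whole number between 13 and 120';
    }
    return [['username' => $username, 'age' => $age], $errors];
}

// c) bound parameters keep user data out of the SQL text, so a quote in the
// value cannot end the string; the UNIQUE column rejects repeat submissions.
function register(PDO $db, array $post): array {
    [$clean, $errors] = validate_registration($post);
    if ($errors) { return $errors; }
    try {
        $stmt = $db->prepare('INSERT INTO users (username, age) VALUES (?, ?)');
        $stmt->execute([$clean['username'], $clean['age']]);
    } catch (PDOException $e) {
        return ['could not create account (username may already exist)'];
    }
    return [];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT NOT NULL UNIQUE, age INTEGER NOT NULL)');

// Constructed sample submissions: valid (with a quote), repeat, blank, wrong type.
$samples = [
    ['username' => "O'Brien", 'age' => '34'],
    ['username' => "O'Brien", 'age' => '34'],
    ['username' => '   ', 'age' => '34'],
    ['username' => 'dan', 'age' => 'abc'],
];
foreach ($samples as $post) {
    echo json_encode($post), ' => ', implode('; ', register($db, $post)) ?: 'created', "\n";
}
```

The first submission is stored with its quote intact, the repeat is rejected by the UNIQUE constraint, and the blank and non-numeric submissions are rejected before any query runs.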